---
# tasklist for setting up bodhi/masher (requires bodhi/base)
# This is the base set of files needed for bodhi/masher

- name: add ftpsync group
  group: name=ftpsync gid=263 system=yes state=present
  tags:
  - bodhi

- name: add ftpsync user
  user: name=ftpsync uid=263 group=ftpsync createhome=yes system=yes state=present
  tags:
  - bodhi

- name: install needed packages
  package: name={{ item }} state=present
  with_items:
  - mock
  - fedmsg-hub
  - fedmsg-relay
  - python-mock
  - bodhi-composer
  - sigul
  - python-alembic
  - python-scandir
  - python2-productmd
  - compose-utils
  - python-fedmsg-meta-fedora-infrastructure
  - pungi
  - pungi-utils
  - python2-koji-cli-plugins
  - python2-pdc-client
  - python2-modulemd
  tags:
  - packages
  - bodhi

- name: install tag2distrepo on fedora bodhi backends
  package: name=python2-tag2distrepo state=present
  when: inventory_hostname.startswith('bodhi-backend02')
  tags:
  - packages
  - bodhi

- name: install python3-ccolutils on fedora bodhi backends
  package: name=python3-cccolutils state=present
  when: inventory_hostname.startswith('bodhi-backend01')
  tags:
  - packages
  - bodhi

- name: install bodhi-composer
  package: name=bodhi-composer state=present
  when: inventory_hostname.startswith('bodhi-backend01')
  tags:
  - packages
  - bodhi

- name: install ostree
  package: name=ostree state=present
  when: inventory_hostname.startswith('bodhi-backend01')
  tags:
  - packages
  - bodhi

- name: hotfix /usr/bin/alembic to use our webob forward compat package
  copy: src=alembic dest=/usr/bin/alembic
  tags:
  - hotfix
  - bodhi

- name: add masher group
  group: name=masher gid=751 system=yes state=present
  tags:
  - bodhi

# masher user 751
- name: add masher user as 751 - and group
  user: name=masher uid=751 group=masher home=/home/masher groups=mock,ftpsync,bodhi
  tags:
  - bodhi

- name: add apache user to the masher group so it can talk to the monitoring socket
  user: name=apache groups=mock,ftpsync,masher append=yes
  tags:
  - bodhi

- name: add nrpe to the apache group so it can talk to the monitoring socket
  user: name=nrpe groups=apache append=yes
  tags:
  - fedmsgmonitor
  - nagios_client

- name: install bodhi.pem file
  copy: >
    src="{{ private }}/files/bodhi_key_and_cert.pem"
    dest="/etc/pki/bodhi/bodhi.pem"
    owner=apache
    group=apache
    mode=0400
  when: inventory_hostname.startswith('bodhi-backend')
  tags:
  - config
  - bodhi

- name: Put pungi configurations in place
  template: src="{{item}}" dest=/etc/bodhi/{{item}}
  with_items:
  - pungi.module.conf.j2
  - pungi.rpm.conf.j2
  - variants.module.xml.j2
  - variants.rpm.xml.j2
  tags:
  - bodhi
  - bodhi/pungi
  - config

- name: setup /etc/bodhi/mash.conf file...
  template: >
    src=mash.conf
    dest=/etc/bodhi/mash.conf
    owner=apache
    group=apache
    mode=0640
  tags:
  - config
  - bodhi
  when: env == "production"

# tasks for setting up epelmasher

- name: install needed packages
  package: name={{ item }} state=present
  with_items:
  - repoview
  tags:
  - packages
  - bodhi
  when: env == "production"

#
# koji ssl cert for owner sync jobs below
#
#
# cron job that syncs packages to koji
#
- name: put owner-sync-pagure in place
  template: src=owner-sync-pagure.j2 dest=/usr/local/bin/owner-sync-pagure mode=0755
  tags:
  - config
  - bodhi
  - cron

- name: remove all old koji-sync cronjobs
  file:
    path: /etc/cron.d/{{item}}
    state: absent
  with_items:
    - update-koji-owner-EL-6
    - update-koji-owner-EL-6
    - update-koji-owner-epel7
    - update-koji-owner-fedora
    - update-koji-owner-fedora-container
    - update-koji-owner-modules
  tags:
  - bodhi
  - cron

- name: have fedmsg own /usr/share/fedmsg, so it can write the CRL there.
  file: path=/usr/share/fedmsg state=directory owner=fedmsg group=fedmsg
  tags:
  - bodhi

- name: sync packages from pagure-on-dist-git to koji (all branches)
  # XXX If you modify this taglist.  Please also modify the other copy in
  # bodhi2/backend/files/koji-sync-listener.py
  # This cronjob runs only once a day.  The listener script runs reactively.
  cron: name="owner-sync" minute="15" hour="4" user="root"
      job="/usr/local/bin/lock-wrapper owner-sync '/usr/local/bin/owner-sync-pagure f29 f28 f27 f26 f29-container f28-container f27-container f26-container f28-docker f27-docker f26-docker f28-modular f27-modular epel7 dist-6E-epel module-package-list modular'"
      cron_file=update-koji-owner
  when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
  tags:
  - bodhi
  - cron

- name: Ensure that /var/lib/bodhi exists
  file:
    path: /var/lib/bodhi
    state: directory
    mode: 0755
    owner: apache
    group: apache
  when: inventory_hostname.startswith('bodhi-backend01')
  tags:
  - bodhi
  - cron

- name: Install bodhi-dequeue-stable cron job that moves updates from batched to stable
  cron:
    name: "bodhi-dequeue-stable"
    minute: "0"
    hour: "3"
    weekday: "*"
    job: "/usr/bin/bodhi-dequeue-stable && touch /var/lib/bodhi/dequeue-stable"
    user: "apache"
  when: inventory_hostname.startswith('bodhi-backend01.phx2')
  tags:
  - bodhi
  - cron

- name: put the koji sync listener script in place
  copy:
      src: koji-sync-listener.py
      dest: /usr/local/bin/koji-sync-listener.py
      mode: 0755
  when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
  notify:
  - restart koji-sync-listener
  tags:
  - bodhi
  - koji-sync

- name: put the koji sync listener systemd file in place.
  copy:
      src: koji-sync-listener.service
      dest: /usr/lib/systemd/system/koji-sync-listener.service
      mode: 0755
  when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
  notify:
  - reload systemd
  - restart koji-sync-listener
  tags:
  - bodhi
  - koji-sync

- name: start the koji sync listener
  service: name=koji-sync-listener enabled=yes state=started
  when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
  tags:
  - bodhi
  - koji-sync

- name: Install bodhi_sar.py
  copy:
    src: bodhi_sar.py
    dest: /usr/local/bin/bodhi_sar.py
    mode: 0700
    owner: apache
    group: apache
  when: inventory_hostname.startswith('bodhi-backend02')
  tags:
  - bodhi

#
# cron job that syncs updates to master mirror
#

- name: put new-updates-sync in place
  copy: src=new-updates-sync dest=/usr/local/bin/new-updates-sync mode=0755
  when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
  tags:
  - config
  - bodhi
  - cron

- name: put update-fullfiletimelist in place
  copy: src="{{ files }}/scripts/update-fullfiletimelist" dest=/usr/local/bin/update-fullfiletimelist mode=0755
  when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
  tags:
  - config
  - bodhi
  - cron

- name: add create-filelist script from quick-fedora-mirror
  copy: src="{{ files }}/scripts/create-filelist" dest=/usr/local/bin/create-filelist mode=0755
  when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
  tags:
  - config
  - bodhi
  - cron

- name: Set the updates sync cron job
  copy: src=new-updates-sync.cron dest=/etc/cron.d/updates-sync
  when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
  tags:
  - config
  - bodhi
  - cron

- name: directory sizes update cron job.
  cron: name="directory-sizes-update" minute="30" hour="19" user="ftpsync"
        job="/usr/bin/find /pub/alt/ /pub/archive/ /pub/fedora-secondary/ /pub/fedora/ /pub/epel/ -type d  ! -path '/pub/alt/screenshots/f21/source' | grep -v snapshot | /usr/bin/xargs -n 1 /usr/bin/du --exclude=.snapshot -sh > /tmp/DIRECTORY_SIZES.txt 2> /dev/null; cp /tmp/DIRECTORY_SIZES.txt /pub/"
        cron_file=directory-sizes-update
  when: inventory_hostname.startswith('bodhi-backend01') and env == "production"
  tags:
  - config
  - bodhi
  - cron

# bodhi jobs, previously run by the TurboGears scheduler.

- name: bodhi-approve-testing cron job.
  cron: name="bodhi-approve-testing" hour="*/6" minute=0 user="apache"
        job="/usr/bin/bodhi-approve-testing /etc/bodhi/production.ini > /dev/null"
        cron_file=bodhi-approve-testing-job
  when: inventory_hostname.startswith('bodhi-backend02') and env == "production"
  tags:
  - config
  - bodhi
  - cron

- name: bodhi-check-policies cron job.
  cron: name="bodhi-check-policies" hour="*/1" minute=0 user="apache"
        job="/usr/bin/bodhi-check-policies >& /dev/null"
        cron_file=bodhi-check-policies-job
  when: (inventory_hostname.startswith('bodhi-backend01') and env == "staging") or (inventory_hostname.startswith('bodhi-backend02') and env == "production")
  tags:
  - config
  - bodhi
  - cron

- name: bodhi-expire-overrides cron job.
  cron: name="bodhi-expire-overrides" hour="*" minute=0 user="apache"
        job="/usr/bin/bodhi-expire-overrides /etc/bodhi/production.ini 2>&1 | logger -t bodhi-expire-overrides"
        cron_file=bodhi-expire-overrides-job
  when: inventory_hostname.startswith('bodhi-backend02') and env == "production"
  tags:
  - config
  - bodhi
  - cron

- name: setup basic /etc/bodhi/ contents
  template: >
    src="{{  roles_path  }}/bodhi2/base/templates/production.ini.j2"
    dest="/etc/bodhi/production.ini"
    owner=apache
    group=apache
    mode=0600
  when: inventory_hostname.startswith('bodhi-backend')
  notify:
  - reload bodhi httpd
  tags:
  - config
  - bodhi

- name: make a mnt/koji link
  file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji
  when: env != 'staging'
  tags:
  - bodhi

- name: create the /usr/lib/systemd/system/fedmsg-hub.service.d drop-in directory
  file: path=/usr/lib/systemd/system/fedmsg-hub.service.d state=directory mode=0755
  tags:
  - config
  - bodhi

- name: install a femdsg-hub.service drop-in to run it as the apache
  copy: >
    src="fedmsg-hub.conf"
    dest="/usr/lib/systemd/system/fedmsg-hub.service.d/fedmsg-hub.conf"
    owner=root
    group=root
    mode=0644
  notify:
  - reload systemd
  - restart fedmsg-hub
  tags:
  - bodhi
  - config

- name: have the apache own /var/cache/bodhi because of course..
  file: >
    path="/var/cache/bodhi"
    owner=apache
    group=apache
  when: inventory_hostname.startswith('bodhi-backend')
  tags:
  - config
  - bodhi

- name: have the apache own /var/cache/fedmsg because of course..
  file: >
    path="/var/cache/fedmsg"
    owner=apache
    group=apache
    state=directory
  when: inventory_hostname.startswith('bodhi-backend')
  tags:
  - config
  - bodhi

- name: ensure that nrpe has rights to monitor us (dir), including setgid bit.
  file: >
    dest=/var/run/fedmsg
    mode=2775
    owner=apache
    group=nrpe
    state=directory
  ignore_errors: true
  notify:
  - restart fedmsg-hub
  tags:
  - fedmsgmonitor
  - bodhi

- name: ensure that nrpe has rights to monitor us (file)
  file: >
    dest=/var/run/fedmsg/monitoring-fedmsg-hub.socket
    mode=0775
    owner=apache
    group=nrpe
    state=file
  ignore_errors: true
  tags:
  - fedmsgmonitor
  - bodhi

- name: ensure apache is disabled on the backend
  service: name=httpd enabled=no state=stopped
  tags:
  - bodhi

- name: ensure fedmsg-hub is enabled and started on the backend
  service: name=fedmsg-hub enabled=yes state=started
  tags:
  - bodhi

- name: Set up koji profile
  template: src=kojiprofile.conf dest=/etc/koji.conf.d/bodhi.conf
  tags:
  - bodhi

- name: Put in tag2distrepo config
  template: >
    src=tag2distrepo.py.j2
    dest=/etc/fedmsg.d/tag2distrepo.py
  when: inventory_hostname.startswith('bodhi-backend02')
  tags:
  - config
  - bodhi
